Posted by: David Harley | July 1, 2015

A word of caution

I’ve been asked (again) about MacKeeper. The name has come up several times in comments directed towards Mac security sites like this one, Mac-related user forums and on various specialized lists, in the context of dubious malware alert pop-ups and aggressive marketing. I’ve never used or tested the product myself (and don’t intend to – as long as I’m getting a sizeable proportion of my income from a security product, I prefer not to return to formally testing other security products), I haven’t seen any of the behaviour of which the product is accused at first hand, and I obviously can’t in normal circumstances confirm the veracity or otherwise of accusations made in blog comments. However, a recent Graham Cluley article about a specific zero-day issue (reportedly now fixed) with MacKeeper actually points to a number of less-than-flattering articles about the product.

Worth taking a look first if you’re thinking about buying it. In particular, you might want to read the Cult of Mac article from 2012: it includes a statement from MacKeeper’s PR Director, offering some explanations for its bad reputation.

Posted by: David Harley | June 26, 2015

Contact Form

Though quite a few people seem to read this blog, not many actually comment (which is fine). Of those who do, quite a few are asking questions about malware or security rather than commenting on the site or specific articles, so I’ve added a contact page here, as not everyone wants to share their own security concerns with the whole online world.

While I’ll respond – if appropriate – to emails sent that way as soon as possible, I can’t guarantee a quick response. If you have a query about malware affecting your Mac or other device, I’d recommend that you contact the help team for your chosen security software. In many other cases, you may find that contacting one of the many forums where users of the same device share issues and information gets you a faster response.

I’m afraid I don’t have the time and resources to offer one-to-one support. I may, when time allows, put up some links to possibly-useful pages.

David Harley
Small Blue-Green World

Posted by: David Harley | June 19, 2015

0-day flaw in iOS and OS X

This is interesting, in a depressing sort of way: it’s a report on Unauthorized Cross-App Resource Access on Mac OS X and iOS documenting a combination of issues that affect both OS X and iOS. The researchers behind the report are from the universities of Indiana, Tsinghua, and Peking, and the Georgia Institute of Technology. They state that:

We reported this vulnerability to Apple on Oct. 15, 2014, and communicated with them again in November, 2014 and early 2015.

However, they say that the issues have not so far been resolved. The report is quite long and detailed, but if you want a briefer summary, there have been plenty of summarizing articles:

David Harley
Small Blue-Green World

Posted by: David Harley | May 22, 2015

Apple Store app 2FA

Slash Gear tells us that Apple Store app gets 2-step verification, Touch ID security. J.C. Torres tells us that the updated iOS app:

…will also now require additional authentication when viewing order history or making reservations at retail stores. This time, however, it will be the more convenient Touch ID that will be required instead of a separate passcode.

David Harley
Small Blue-Green World

Posted by: David Harley | May 22, 2015

Selling on your Android?

Then you might want to be aware that you may be selling on some of your data with it, even after a factory reset.

A paper on Security Analysis of Android Factory Resets by Laurent Simon and Ross Anderson is based on a study of ‘the implementation of Factory Reset on 21 Android smartphones from 5 vendors running Android versions v2.3.x to v4.3.’ They believe that:

…up to 500 million devices may not properly sanitise their data partition where credentials and other sensitive data are stored, and up to 630M may not properly sanitise the internal SD card where multimedia files are generally saved. We found we could recover Google credentials on all devices presenting a flawed Factory Reset.

Anderson’s own blog also points out that this calls into question the ability of security software to guarantee the effectiveness of a remote wipe of a stolen phone if the software relies on a faulty factory reset, an issue explored in more detail in the paper Security Analysis of Consumer-Grade Anti-Theft Solutions Provided by Android Mobile Anti-Virus Apps.
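The finding above is easy to check for yourself if you can take a raw dump of the data partition. The following is an added example, not code from the Simon/Anderson paper: it audits a partition image for blocks the reset left untouched and for account-store strings that survived. It assumes you already have the raw image (for instance from a rooted device over adb, or a chip-off read); the image used here is constructed in memory, and the credential markers are illustrative rather than the exact patterns the paper searched for.

```python
"""Added example (not code from the Simon/Anderson paper): a quick audit of a raw
Android data-partition image to see whether a 'factory reset' actually sanitised it.

Assumptions: you already hold a raw dump of the partition (e.g. taken over adb
with root, or by a chip-off read); the image below is constructed in memory and
the credential markers are illustrative, not the exact patterns the paper used.
"""
import re
from typing import Dict, List

BLOCK_SIZE = 4096

# Markers that would indicate account material survived a reset. Constructed for
# this example; a real audit would look for the strings of the account store
# used by the device's Android version.
CREDENTIAL_MARKERS = (b"accounts.db", b"authtoken", b"@gmail.com", b"wpa_supplicant")


def unsanitised_blocks(image: bytes, block_size: int = BLOCK_SIZE) -> List[int]:
    """Indices of blocks that are neither all-0x00 nor all-0xFF.

    Erased NAND reads as 0xFF; a zero-fill is the other wipe pattern you expect
    to see. Anything else is data the reset left behind (or live filesystem
    metadata, which a real audit would subtract out).
    """
    leftovers = []
    for idx, off in enumerate(range(0, len(image), block_size)):
        chunk = image[off:off + block_size]
        if chunk != b"\x00" * len(chunk) and chunk != b"\xff" * len(chunk):
            leftovers.append(idx)
    return leftovers


def printable_strings(image: bytes, min_len: int = 8) -> List[str]:
    """strings(1)-style extraction of printable ASCII runs."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, image)]


def leaked_markers(image: bytes) -> Dict[str, int]:
    """Count each credential marker that still appears in the image."""
    return {m.decode("ascii"): image.count(m) for m in CREDENTIAL_MARKERS if m in image}


def audit(image: bytes) -> Dict:
    """Summarise what the reset left behind."""
    blocks = unsanitised_blocks(image)
    markers = leaked_markers(image)
    return {
        "blocks_with_data": blocks,
        "markers": markers,
        "strings": printable_strings(image),
        "clean": not blocks and not markers,
    }


def build_sample_image() -> bytes:
    """Constructed image: three erased blocks plus one block of stale account data."""
    stale = (b"accounts.db\x00name=alice@gmail.com\x00type=com.google\x00"
             b"authtoken=EXAMPLE-TOKEN-0000\x00")
    stale_block = stale + b"\xff" * (BLOCK_SIZE - len(stale))
    return b"\xff" * BLOCK_SIZE + stale_block + b"\x00" * BLOCK_SIZE + b"\xff" * BLOCK_SIZE


if __name__ == "__main__":
    report = audit(build_sample_image())
    print("clean:", report["clean"])
    print("blocks with residual data:", report["blocks_with_data"])
    print("markers:", report["markers"])
    for s in report["strings"]:
        print("  ", s)
```

Two caveats when you run this against a real dump. A freshly formatted partition contains legitimate filesystem metadata, so compare the block list against a known-clean image rather than expecting zero hits. And a logical dump that reads back as all 0xFF does not prove the underlying flash pages were erased: the flash translation layer may simply have remapped the old pages, which is exactly the sort of thing a chip-off read will still find.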

Hat tip to Randy Knobloch, who flagged an article by Liam Tung that brought the papers to my attention.

David Harley
Small Blue-Green World

Posted by: David Harley | May 15, 2015

Apple Watch – no Activation Lock

I don’t have (and probably never will have) an Apple Watch: I’m quite happy to have a watch that just tells the time. Still, I’m surprised to read on the iDownloadBlog that Watch OS 1.0 lacks the necessary security features to dissuade thieves: that is, it doesn’t have Activation Lock, so it’s ‘…extremely easy to reset an Apple Watch to default settings, bypassing the passcode, and pairing it with a different iPhone.’

I’d be sorry if I lost my current watch, but it’s just a watch: an iGadget is a different kettle of data. To be fair, ‘…the Apple Watch does protect your data. If you have a passcode lock on the device, which we wholeheartedly recommend, at least it will prevent the thief from accessing your personal data on the device.’ What it doesn’t do is dissuade a thief from stealing it in the way that many people have got used to on iPhones and other iGadgets. If you do lose it, there’s nothing to stop the next ‘owner’ from resetting it and using it as if they’d just bought it.

David Harley
Small Blue-Green World

Posted by: David Harley | May 15, 2015

Macs in the Enterprise

It’s a long time since I was directly involved with systems administration and support (back when OS X was still very new), and my recollection is that Macs were relatively easy to administer unless you had to integrate them into Windows environments (or possibly vice versa).

The little network I run now is really not the place to try out Trevor Pott’s suggestions, but if you are running that sort of environment, his article for The Register (Adjustments will be needed to manage the Macs piling up in your business – choose the necessary tools) looks as if it could be seriously useful.

David Harley
Small Blue-Green World

Posted by: David Harley | May 12, 2015

MacKeeper vulnerability: maybe not that funny

For The Register, Richard Chirgwin reports on a remote code execution vulnerability in MacKeeper: Pop-up pest MacKeeper patches 0-day remote code execution vuln. The vulnerability is discussed at more length in a SecureMac advisory.

MacKeeper’s own article advises users to run MacKeeper Update Tracker so as to get the patched version.

Chirgwin suggests that Mac users annoyed by MacKeeper’s reputation for persistent and aggressive pop-up marketing will take some pleasure in the company’s embarrassment. However I wonder how many of the product’s many users will get to hear about the Proof of Concept attack (which MacKeeper’s article doesn’t actually mention) and take appropriate measures.

David Harley
Small Blue-Green World

Posted by: David Harley | May 4, 2015

VT, KnockKnock and OS X security

Here’s a quick follow-up to my earlier post for ITSecurity on OS X malware: I hear you KnockKnocking but you can’t come in (also mentioned on this site here).

VirusTotal reports that Patrick Wardle has incorporated data from the site into KnockKnock, a program intended to flag possible malware generically (by checking for unexpectedly persistent apps). The exact nature of the data isn’t described. VT also mentions tools it has made available to help with OS X security: tools to further characterize Mac OS X executables, and VirusTotal Uploader for OS X.
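To make the “unexpectedly persistent apps” idea concrete, here is an added example that is not KnockKnock’s code and makes no claim about how Wardle’s tool works internally: it enumerates launchd jobs, which are one of the persistence mechanisms on OS X, records what each one runs and whether it starts automatically, and hashes the program so it can be checked against VirusTotal by hand. The launchd directory paths are the real ones; the triage heuristics in suspicious() and the sample plist are assumptions constructed for this example.

```python
"""Added example (not KnockKnock's code): a minimal launchd persistence scan in
the spirit of what the post describes, i.e. listing what starts automatically
and flagging what deserves a closer look.

The directory paths are the real launchd locations on OS X; the heuristics in
suspicious() and the sample plist are assumptions constructed for this example.
"""
import hashlib
import os
import plistlib
from typing import Dict, List, Optional

LAUNCHD_DIRS = [
    "/Library/LaunchAgents",
    "/Library/LaunchDaemons",
    "/System/Library/LaunchAgents",
    "/System/Library/LaunchDaemons",
    os.path.expanduser("~/Library/LaunchAgents"),
]

# Paths a non-root user can write to; a job that auto-starts from one of these
# is not necessarily malicious, but it is where unwanted software tends to live.
USER_WRITABLE_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/")
INTERPRETERS = ("/bin/sh", "/bin/bash", "/usr/bin/python", "/usr/bin/osascript", "/usr/bin/curl")

# Constructed sample: a user LaunchAgent that keeps a hidden binary running.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key><string>com.example.updater</string>
    <key>ProgramArguments</key>
    <array>
        <string>/Users/alice/Library/.hidden/updater</string>
        <string>--quiet</string>
    </array>
    <key>RunAtLoad</key><true/>
    <key>KeepAlive</key><true/>
</dict>
</plist>
"""


def launchd_item(plist_bytes: bytes, path: str = "<memory>") -> Optional[Dict]:
    """Parse one launchd job plist into what it runs and whether it persists."""
    try:
        job = plistlib.loads(plist_bytes)
    except Exception:
        return None  # malformed plist: launchd would reject it too
    if not isinstance(job, dict):
        return None
    args = list(job.get("ProgramArguments") or [])
    program = job.get("Program") or (args[0] if args else None)
    return {
        "plist": path,
        "label": job.get("Label"),
        "program": program,
        "args": args,
        "run_at_load": bool(job.get("RunAtLoad", False)),
        # KeepAlive may be a bool or a dict of conditions; either means "restart me"
        "keep_alive": bool(job.get("KeepAlive", False)),
    }


def suspicious(item: Dict) -> List[str]:
    """Cheap triage heuristics (assumptions for this example, not KnockKnock's rules)."""
    reasons = []
    prog = item.get("program") or ""
    persists = item["run_at_load"] or item["keep_alive"]
    if persists and prog.startswith(USER_WRITABLE_PREFIXES):
        reasons.append("auto-starts from a user-writable path")
    if persists and any(part.startswith(".") for part in prog.split("/") if part):
        reasons.append("program lives in a hidden directory")
    if prog in INTERPRETERS:
        reasons.append("interpreter launched directly; inspect the arguments")
    return reasons


def sha256_of(path: str) -> Optional[str]:
    """Hash the on-disk program so it can be looked up on VirusTotal by hand."""
    try:
        with open(path, "rb") as f:
            return hashlib.sha256(f.read()).hexdigest()
    except OSError:
        return None


def scan_launchd(dirs: List[str] = LAUNCHD_DIRS) -> List[Dict]:
    """Walk the launchd directories and describe every job plist found."""
    items = []
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for name in sorted(os.listdir(d)):
            if not name.endswith(".plist"):
                continue
            path = os.path.join(d, name)
            try:
                with open(path, "rb") as f:
                    data = f.read()
            except OSError:
                continue
            item = launchd_item(data, path)
            if item:
                item["sha256"] = sha256_of(item["program"]) if item["program"] else None
                item["flags"] = suspicious(item)
                items.append(item)
    return items


if __name__ == "__main__":
    for it in scan_launchd():
        if it["flags"]:
            print(it["plist"], it["program"], it["flags"])
```

Run it as a normal user to see your own LaunchAgents, and as root to read the system directories. launchd is only one persistence mechanism: login items, kernel extensions, cron jobs and browser extensions are others, which is why a tool like KnockKnock looks at more places than this script does. A flag here is a reason to look, not a verdict.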

I haven’t checked these tools out, and can’t comment at present on their efficacy.

David Harley

Posted by: David Harley | April 23, 2015

Android: Google’s new look at malware

Every so often, Google comes up with a presentation that plays down the risk to Android users from malware. An article of mine that Infosecurity Magazine has just published – #RSAC: Android: malware? What malware? – looks at the implications of an RSA 2015 presentation by Lead Android Engineer Adrian Ludwig, deprecating the use of the word malware to describe ransomware, Trojans etc. because it’s ‘confusing’. The presentation is interesting for its insight into current Google security strategies, but in my book, unilaterally changing the terminology used to describe malicious software so that it sounds less frightening is too close to whitewashing to be useful.

David Harley
Small Blue-Green World
